General
-
Target
f51331c22b3145d4f9d874b00b2b1d10.exe
-
Size
153KB
-
Sample
201229-7rn9qpzkwa
-
MD5
f51331c22b3145d4f9d874b00b2b1d10
-
SHA1
c4e949901074b10b6b75e3cfa6773e6ae5f369fe
-
SHA256
4216f800f1974308bb475952263e2dfb440551f271ae657eb2633062b98264fa
-
SHA512
0c2618c52ba597096f497596214d8feead6b8e32f5a91238a8e186575cff7779240b0f8651febf31e86fa9a63f4c5a7c53f7920257a582417b952c8609ea5b2a
Static task
static1
Behavioral task
behavioral1
Sample
f51331c22b3145d4f9d874b00b2b1d10.exe
Resource
win7v20201028
Malware Config
Extracted
smokeloader
2020
http://vtdilet.com/upload/
http://netvxi.com/upload/
http://tinnys.monster/upload/
Targets
-
-
Target
f51331c22b3145d4f9d874b00b2b1d10.exe
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
JavaScript code in executable
-